Today Microsoft announced the Microsoft Software Protection Platform, which are new technologies to help Microsoft fight piracy, that will arrive in Windows Vista and Windows Server, Longhorn, my nickname in college. j/k The technology includes improvements in how they validate software, activate software and how the software acts when tampering or hacking is detected.
PressPass: What is the scope of the piracy problem around the world for the software industry?
Hartje: Piracy is one of the most significant problems facing the software industry globally. According to a report published by the Business Software Alliance a leading software industry forum 35 percent of all software installed worldwide during 2005 was pirated or unlicensed. That represents US$35 billion of industry losses in 2005 alone. While larger companies can still operate in the black, this piracy rate has a significant impact on the thousands of smaller organizations, from software publishers to software and PC resellers, that depend on the health of the software ecosystem to survive.
The only assumption that is wrong with this is that everyone who installes pirated software would buy it if they didn’t have an illegal copy. No way is this even close to being true. When I was younger and could not afford software, it didn’t bother me to try out stuff that I wouldn’t be able to buy anyway, and I’m sure most people are the same way. Now that I am older I buy everything I want to use, because I can afford it. What Microsoft and these other companies need to watch are the ones who install illegal software on systems that they sell, and are making a profit on pirated software. I’m not saying they should over look the normal user, but saying that all software piracy cost the industry 35 billion is crazy.
One of the things the Software Protection Platform enables is enhancements to the genuine experience in Windows Vista, thereby differentiating it from the non-genuine experience. Customers that use genuine Windows Vista product should expect, and will get, an enhanced set of features that will not work on non-genuine or unlicensed versions of Windows Vista. Customers using genuine and licensed copies of Windows Vista will have access to Windows Aero and Windows ReadyBoost features, as well as full functionality of Windows Defender and extra optional updates from Windows Update. Computer systems that do not pass validation will not have access to these features, although they will still have access to critical security updates. Aero offers Microsoft’s best-designed, highest-performing desktop experience and is available in Windows Vista Home Premium, Windows Vista Business and Windows Vista Ultimate. ReadyBoost lets users use a removable flash memory device to improve system performance without opening the computer to install additional memory. Both are key features that a user of non-genuine software will quickly realize are not running. Windows Defender helps protect a user’s PC against pop-ups, and security threats caused by spyware and other malware.
At least they will still allow users to get the critical patches not matter what, those users that are not patched hurt everyone, not just themselves, as they can become part of a botnet, or help spread viruses, and lord knows what else.
Ed Bott of the Microsoft Report weighs in here, he has documented many, many problems with Windows Genuine Advantage, the precursor to these new technologies.
My head practically exploded when I read this sentence describing the new, improved punishment regimen: “Windows Vista will have a reduced functionality mode but one that is enhanced.” Enhanced reduced functionality? Orwell would be proud.
The most chilling part of SPP is its new code to detect tampering. As Lindeman explained to me, “If the Software Protection Platform determines that the core binaries of your system have been hacked with, you will get a notification that operating system has been tampered with. Reinstallation is the remedy.” And the clock starts ticking immediately. When an anti-tampering warning first appears, you have three days to reinstall or otherwise fix your copy of Windows Vista or shift into reduced functionality mode.
That last part is pretty scary, three days? What is someone’s machine is hacked, Microsoft is going to protect them by going into reduced functionality mode. Sounds like the volume licensing is really going to be a pain in the butt, what is the reason everyone should upgrade to Vista, isn’t it supposed to make everyone’s lives easier and not just line Microsoft’s pocket?
He reports in another post about WGA validation problems with Windows XP and volume license keys, which are used by pirates when they can get them because they didn’t require validation.
This week, the WGA Validation Problems forum is awash in reports from customers in corporations and at universities that volume license keys (VLKs) are suddenly being reported as blocked.
The problem was the result of an issue on the Microsoft server side, and it is under investigation
If you are looking for security related info, you should visit Faill.com, a social bookmarking site that is all about security and security related info.
Microsoft has been talking up it’s security on the upcoming Longhorn server, saying a couple features such as a self healing file system and an automatic patch check system. The self healing file system will take care of things such as bad sectors, and even cpu’s with a high number of self correcting errors, but really all it is is some of the desk checking utilites, such as chkdsk and defrag will be running in the background.
One of the new features is “secure-at-install,” which is designed to help secure new installations of the operating system in specific server roles. When a new server is installed as a terminal server or file server, for example, the system will automatically find and apply security updates that apply to a particular role, Microsoft said.
NAP, or network access protection, will also be included int he server OS, which will let users perform a check on PCs connecting to their network and block clients that don’t meet rules, such as the latest patches and virus signatures.
At an unspecified time after it releases Longhorn Server, Microsoft plans to add a Security Token Service, or STS, to Active Directory. This new service is to extend capabilities Microsoft plans to offer with Active Directory Federation Services, or ADFS, which is set to ship with Windows Server 2003 R2.
Previous Next ADFS lets users create trust relationships with other Active Directory users and enable authentication across corporate boundaries. STS will offer extended federation and privacy support, and integrated resource discovery and management, among other features, Microsoft said.
STS also will support InfoCard, a code name for a new Microsoft technology designed to provide secure storage for identity information that will be shared with online services such as Web stores.
They also made WinFx available, which is designed to make it easy for developers to use some of the security features in Windows, meaning they would no longer have to write the code for dealing with identity and access.
Read more here.